Configure HTTP event collector for the Splunk Add-on for Amazon Kinesis Firehose on a distributed Splunk Enterprise deployment
Prerequisites
- Install the Splunk Add-on for Amazon Kinesis Firehose on a distributed Splunk Enterprise deployment
- If your indexers are in an Amazon VPC, Configure an Elastic Load Balancer for the Splunk Add-on for Amazon Kinesis Firehose
- For optimal performance, set
ackIdleCleanup
to true ininputs.conf
located in$SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf
for *nix users and%SPLUNK_HOME%\etc\apps\splunk_httpinput\local\inputs.conf
for Windows users.
Steps
- Decide what index you want to use to collect your Amazon Kinesis Firehose data. Ensure that this index is enabled and active. Sending data to a disabled or deleted index results in dropped events. If you need to create a new index, see Create custom indexes in Managing Indexers and Clusters of Indexers.
- Set up the HTTP Event Collector on your distributed deployment. For instructions on how to configure the HTTP Event Collector and create a server class using the deployment server, see Scale HTTP Event Collector with distributed deployments. When you define the server class, specify all indexers that you want to use to collect Amazon Kinesis Firehose data.
- Enable the deployment server and push the configuration to the clients.
- On the deployment server, confirm that the Enable SSL box is checked in your HTTP Event Collector global settings.
- Create a new HTTP event collector token with indexer acknowledgments enabled. For a detailed walkthrough, see Create an Event Collector token in Getting Data In. During the token configuration:
- Specify a Source type for your incoming data. See Source types for the Splunk Add-on for Amazon Kinesis Firehose for the source types supported by this add-on.
- Select the Index to which Amazon Kinesis Firehose will send data.
- Check the box next to Enable indexer acknowledgement.
- Save the token that Splunk Web provides. You need this token when you configure Amazon Kinesis Firehose.
- Repeat steps 5 and 6 for each additional source type from which you want to collect data. Each source type requires a unique HTTP event collector token.
Next step
Configure Amazon Kinesis Firehose to send data to the Splunk platform
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!